CVE-2026-40544EPSS p21.0%

CVE-2026-40544CVE-2026-40544

Description

SOPlanning is vulnerable to Stored Cross-Site Scripting (XSS) via /process/upload_backup endpoint. An authenticated attacker with access to the backup functionality can upload a crafted ZIP archive containing a malicious user.csv file with embedded JavaScript. The injected code is executed in the victim’s browser when a user clicks the Edit button for the malicious backup. This issue affects SOPlanning version 1.55 and below.

Scoring

EPSS0.29% probability of exploitation · percentile 21.0% · 2026-06-19T12:03:05Z
Last modified2026-06-01

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-40548
CVE
CVE-2026-40543
CVE
CVE-2026-40545
CVE
CVE-2026-40547
CVE
CVE-2026-40546
CVE
CVE-2026-40549
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.